f54dc0d342
Aegis CI / lint-and-test (push) Has been cancelled
Snyk Security Scan / Python vulnerabilities (backend) (push) Has been cancelled
Snyk Security Scan / npm vulnerabilities (frontend) (push) Has been cancelled
Snyk Security Scan / Docker image vulnerabilities (backend) (push) Has been cancelled
Snyk platform was resolving unpinned deps to old vulnerable versions. All minimum versions match current production installs (from requirements-lock.txt).

Key security fixes reflected:
- PyJWT>=2.13.0 (fixes CWE-287 Improper Authentication, CWE-326, CWE-347)
- python-multipart>=0.0.32 (fixes CWE-22 Directory Traversal, CWE-770)
- fastapi>=0.136.3 (fixes CWE-1333 ReDoS)
- requests>=2.34.2 (fixes CWE-201, CWE-377, CWE-670)
- lxml>=6.1.1 (fixes CWE-611 XXE Injection)
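
The commit message's claim that every minimum version matches what the lock file installs can be checked mechanically. The sketch below is an added example, not part of this commit or the project's code: it assumes a lock file made only of `name==version` pins with purely numeric versions, and the lock content shown is constructed for illustration.

```python
import re

# Floors quoted from the commit message.
REQUIREMENTS = """\
PyJWT>=2.13.0
python-multipart>=0.0.32
fastapi>=0.136.3
requests>=2.34.2
lxml>=6.1.1
"""
# Constructed lock content (not the project's real file): requests is pinned
# below its floor and lxml is absent, so both should be reported.
SAMPLE_LOCK = """\
pyjwt==2.13.0
python_multipart==0.0.32   # same project under PEP 503 name normalization
fastapi==0.136.3
requests==2.34.1
"""
SPEC = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(>=|==)\s*(\d+(?:\.\d+)*)$")

def parse(text, operator):
    """Map normalized project name -> (comparable key, version string)."""
    specs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = SPEC.match(line)
        if not m or m.group(2) != operator:
            # Fail closed: an unparsed line must not count as a passing pin.
            raise ValueError(f"unsupported line: {raw!r}")
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()
        parts = [int(p) for p in m.group(3).split(".")]
        while len(parts) > 1 and parts[-1] == 0:  # so 2.13 == 2.13.0
            parts.pop()
        specs[name] = (tuple(parts), m.group(3))
    return specs

def check_floors(requirements_text, lock_text):
    """Return (name, problem) for each floor the lock does not satisfy."""
    pins = parse(lock_text, "==")
    findings = []
    for name, (floor, floor_s) in sorted(parse(requirements_text, ">=").items()):
        if name not in pins:
            findings.append((name, "not pinned in lock"))
        elif pins[name][0] < floor:
            findings.append((name, f"lock pins {pins[name][1]}, below floor {floor_s}"))
    return findings

if __name__ == "__main__":
    for name, problem in check_floors(REQUIREMENTS, SAMPLE_LOCK):
        print(f"{name}: {problem}")
```

Lock files that carry hashes, environment markers or pre-release versions need a real requirements parser; this sketch raises `ValueError` on such lines rather than skipping them.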